Katie DriveSentry

Discussion in 'other anti-malware software' started by DriveSentry, May 19, 2008.

Thread Status:
Not open for further replies.
  1. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    725
    Location:
    Cumbria, England
    Hi djohn.
    Have a look here
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Thanks Tony. I haven't seen that until now, but I did go ahead and remove DS for now. May run it later when my license is up for NOD.
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Is it safe that the exe files listed have these rules?
    This is what was auto-created after installing the new DS 3.1.2.29:

    can write to removable media
    can write to the registry
    can write *(any) files anywhere

    iexplore.exe
    explorer.exe
    helpsvc.exe
    wuauclt.exe
    svchost.exe
    defrag.exe
    firefox.exe
    7z457.exe
    7zg.exe

    ------

    Logs

    Where it says "Number of logs to store 1024" Does this refer to the number of lines in the log window or number of log files stored?

    If it stores logs on my system then where would they be? I have looked in the DS folder of program files.

    Also, in the log window of DriveSentry, I would like the ability to set the order of the list by category: status, destination, source, date/time.


    Thanks,

    Searching

    P.S. Is the .29 in 3.1.2.29 a typo? Should it read 3.1.2.9, the version before the release of 3.1.3?

    My Advisor window on synchronize just has an x in the upper left, so I didn't get to see anything "funky new", but it looks cool on the main window.
     
  4. bitbizket

    bitbizket Registered Member

    Joined:
    May 23, 2007
    Posts:
    26
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  6. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    Searching,

    The list of exes has been auto-allowed via whitelisting, so they should be safe :) According to the help, "Number of logs to store 1024" refers to the amount of I/O saved.

    ~interact
     
  7. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    I'm running it now and it seems stable; there are now 2 builds, one with a local DB and one without.

    ~interact
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    cool:thumb:
     
  9. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
  10. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    My current issue with DriveSentry on one of my XP SP3 machines is that it stalls when attempting to load software that is seemingly not already on an "allow" list. CPU usage hits 100% for the DriveSentry process and the application fails to load. DriveSentry still responds to user interaction, so I'm able to issue a shutdown. Once it's shut down, the application I tried to launch appears without issue. As an example, Internet Explorer or Mozilla Firefox launch fine but K-Meleon does not. The behaviour almost seems to suggest that I'm supposed to be seeing a popup to allow/deny the application.

    Not sure what might be conflicting with DriveSentry, since I've uninstalled _every_ other antivirus/malware application and I'm not suppressing popups in any way [I still see popups when a "known" application tries to do something]. Another thing of interest is that I can't add applications to the Allow list manually. I can get the file selection dialog, but after locating the file I want, it's never added to the list.

    I have a similarly configured XP machine that is happily running DriveSentry and ThreatFire concurrently, so it doesn't seem to be a factor external to the machine.

    This has occurred on this machine for all versions of DriveSentry available over the last couple of months :(
     
  11. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    Possibly your problem is K-Meleon, if using version 1.5.1.

     
  12. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    Unfortunately it also causes problems for other applications such as Pidgin and even mIRC [which I found interesting]. I'm also running K-Meleon 1.1.6.

    Pidgin exhibits the same "fail to load" behaviour as K-Meleon but mIRC only does so after establishing server connections. The issue seems to be related to internet connectivity. I just tested FileZilla and it loaded fine, until it tried to update itself, at which point it froze until I shut down DriveSentry.

    While I'm on this train of thought, I'm wondering if it has anything to do with my virtual NICs that are bridged with my physical NIC. I'll remove them and see how things go.

    edit: Turns out this issue has nothing to do with bridged virtual network interfaces and everything to do with trying to run applications from an encrypted partition. As soon as the application is moved to a non-encrypted partition, everything works without issue. I'm not sure why there's only a conflict when the application tries to perform a network-related action, though. Many of these applications appeared to fail to load completely because they connect to the Internet almost immediately. Other applications, that do not establish any connections on launch, work fine otherwise.

    For the record, my partition is encrypted using TrueCrypt and I'm currently running v6.0a. I might try upgrading to v6.1 but I'm not overly confident this will make any difference.
     
    Last edited: Nov 2, 2008
  13. bitbizket

    bitbizket Registered Member

    Joined:
    May 23, 2007
    Posts:
    26
    I was wondering why you have disabled Defense+, or whether you are using any particular HIPS substitute. I don't have any issue with Defense+ enabled so far.
    I've tried many other HIPS products, but DriveSentry is the one least likely to have conflicts. In terms of protection, DriveSentry still needs to prove its effectiveness, since there aren't many reliable tests done on it.
     
  14. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi,

    Does anyone know if the AV part of DriveSentry is home-grown or licensed technology from another AV vendor? I'd be interested to know which AV vendor, if anyone knows.

    Cheers

    Jlo
     
  15. bitbizket

    bitbizket Registered Member

    Joined:
    May 23, 2007
    Posts:
    26
    Here's what I found.
    DriveSentry partners with Offensive Computing and Frame4 Security Services to collect and analyze malware samples for their blacklist.
     
  16. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    bitbizket,

    I disabled Comodo Defense+ because I found there were too many pop-ups. As an Internet firewall it's perfect with DriveSentry. I have been emailed a copy of the review by Virus Bulletin, which I have promised not to forward, but the conclusion is very positive about DriveSentry. Here's part of the conclusion:

    "There is a little confusion about exactly what market DriveSentry is aimed at. During the installation process the standard messages about removing any conflicting security software are in evidence, but from personal communication with the company and various postings and discussions on forums it seems that the product is designed to be compatible with more traditional anti-malware solutions, intended as an extra layer of security in addition to, rather than in place of, these more standard products. For this purpose it seems like an ingenious, simple tool with some excellent protection capabilities. There are, as with every product, a few holes which doubtless could be exploited should the user be unlucky enough to be hit by exactly the wrong piece of malware, but this remains a danger with even the most sophisticated and complex security setup."

    DriveSentry also scored 85% in the VB100 tests, which impressed the reviewer, as the software is an IDS/whitelist tool and not a full-blown AV product.

    ~interact
     
  17. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    bitbizket,

    I also know they have some AV experts that process internally. BTW, I found out via my support contact that DriveSentry will feature real-time rootkit protection in a few weeks. I've been asked to do some beta testing :argh:

    ~interact.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    And that's for December :thumb: and then the network firewall :thumb: cool things to come, be ready :thumb:
     
  19. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    412
    Location:
    Greece
    Hi Katie. When I install DriveSentry, it tells me to uninstall Avast. Are there problems running DriveSentry together with Avast?
     
  20. bitbizket

    bitbizket Registered Member

    Joined:
    May 23, 2007
    Posts:
    26
    That's very positive news. Thanks for the input, guys.
    I can see DriveSentry could be the next "ISS BlackICE" but way better, or I could be mistaken.

    Here's another question.

    Does DriveSentry implement a heuristic engine in its malware scanner? If it does not, would it be better that way, since the obvious way to get past this whitelisting is to use an exploit that patches an in-memory process?
    There is no need for a file, and the technique is used by non-persistent rootkits and other threats that can disable security software, such as anti-virus, firewalls, whitelisting programs, or most anything else.

    The way I see it, AV vendors are planning to use the whitelist approach in order to achieve faster scanning of hard drives, and not as a way to increase security, as it would if only whitelisted files were allowed on a system.

    Whitelisting can be a valuable addition to a defense-in-depth strategy, but it is not a complete defense. So multi-layer protection is currently the best solution, so to say. :cautious:
     
    Last edited: Nov 6, 2008
  21. bitbizket

    bitbizket Registered Member

    Joined:
    May 23, 2007
    Posts:
    26
    Hmm... what's happening here? Does DriveSentry have an issue with other antivirus products? I've been asked recently about DriveSentry not being compatible with NOD32, causing the system to freeze and BSOD.

    Can you uninstall Avast first, before installing DriveSentry? See if DriveSentry works fine, then try reinstalling your antivirus again. See if that works for you.
     
  22. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    For the record, upgrading TrueCrypt didn't help with the issue so I've given up on DriveSentry for now.

    DriveSentry and applications on TrueCrypt-encrypted partitions/containers don't seem to play well together [at least for me]. It'd be interesting to see if anyone else has had problems with other encryption products, such as DriveCrypt.

     
  23. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    412
    Location:
    Greece
    Now DriveSentry works well with Avast! Thanks Katie!
     
  24. DriveSentry

    DriveSentry Registered Member

    Joined:
    May 19, 2008
    Posts:
    198

    Hi,

    DriveSentry runs with most AV products, but we warn users in the install just in case there are any issues. I do know DriveSentry and Avast seem to like each other :)

    Best regards,

    Kate
     
  25. DriveSentry

    DriveSentry Registered Member

    Joined:
    May 19, 2008
    Posts:
    198
    Hi traxx75,

    One of the team runs TrueCrypt and DriveSentry on a daily basis on their laptop with no issues. Do you have anything else installed that could be clashing with DriveSentry?

    Thank you,

    Kate.
     